Age | Commit message (Collapse) | Author | Files | Lines |
|
With VPP-651, the L2 output config with L2-tag rewrite was not
cleared when a sub-interface is deleted. Subsequently, when the
same sw_if_index was reused for another interface, the L2 output
config with L2-tag rewrite remained on the new interface.
On deleting a (sub-)interface which is in L2 mode, it will be
changed to L3 mode first to clear any L2 config. The L2 to L3 mode
change path did address L2 input config cleanup. It is now fixed
to also clear L2 output config.
Change-Id: I3352a89d92e1b27340a5adcf75bbaa01a5050c29
Signed-off-by: John Lo <loj@cisco.com>
|
|
Change-Id: I50070611af15b2b4cc29664a8bee4f821ac3c835
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ie56fca84a8a0ed77ee480e8078e6e9b3f4cef105
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I544a5d2906548607b69f999567b92f802fddddbb
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I356581f4bdf47b9610b9e50f4f8db9a1510872a7
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: If56c66dd12eded1cc997087de5fd1b975766c4e2
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Id89e23fb5d275572b2356c073dfa0f55719e1a76
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Change-Id: Ic2447313075cd46f265202dffaaac894f48ddf6d
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
API traces contain absolute message numbers. Loading plugins in
directory (vs. alphabetical) order makes trace replay fragile.
Change-Id: I46b3a3b6a9843a383d42269fca0cf5a789486eaf
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Ib1e301d62b687d4e42434239e7cd412065c28da0
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
Change-Id: I97681322fa9ca81736100b4d32eab84868886c7b
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I063d85200d12b09545ae1c373c7fc69112ae3b34
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
the path-extension vector
Change-Id: I8bd8f6917ace089edb1f65bd017b478ee198c03f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I6aac48d780fcd935818221044eae50067f225175
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I35ad6a42093cad0945df1df09a39c63c4560dce6
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I0ccb337eb0ed50ccc64193533cd816f6e36e6db5
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add doxygen documentation for dpdk CLI commands.
Outside of adding documentation to the CLI Commands, modified the CLI
code as follows:
* The "set dpdk interface placement" command allows the user to move
interface/queues to a different thread. But there is only a subset of
threads that are valid. Updated the "show dpdk interface placement"
command to display all valid threads, even if all interface/queues
have been moved off. Updated the "show dpdk interface hqos placement"
the same way.
* There is a command to modify the Subport attributes, but no way to
display the changes. Added a "Subport" section to the "show dpdk
interface hqos" command.
* Reworked the "set dpdk interface hqos subport" command.
- The current implementation had a local rte_sched_subport_params
structure and initialized it to default values, then overwrote with
what was input. The side effect of this is that if all the current
data is non-default, and a new command is entered with just one
attribute, all the remaining attrbutes are getting set back to
default under the cover. Very confusing for the user. Updated the
code to read the current value and overwrite what has changed.
- DPDK does not have a read subport data, so no way query the current
applied values. The set command was not updating the local copy that
is created at init. Modified the code to store the updated values if
the DPDK apply function was successful.
- Several functions repeated the same code to get a pointer to the
local HQoS data. Added a utility function.get_hqos(..), to perform
this action. Did not port other code to use new function.
* The "set dpdk interface hqos pktfield" allows the user to set the
packet fields required for classifiying the incoming packet. The
classification is across three fields (subport, pipe, tc). The command
was using 0,1,2 to represent these three fields, but had no
explanation regarding these magic numbers. Updated the command to take
the three tokens (subport, pipe, tc) for more clarity. For legacy
sake, still allow 0,1,2 to be entered. Also updated the "show dpdk
interface hqos" command to show these tokens.
* The "set dpdk interface hqos tctbl" maps an interface and value 0-63
to a traffic class and queue. The "show dpdk interface hqos" command
showed the internal DPDK magic number for traffic class and queue.
Updated the show command to display what was input instead of the
magic number.
* The "show dpdk hqos queue" command always returns zeros by default
because RTE_SCHED_COLLECT_STATS is not defined in DPDK. Took me a
while to figure out why I wasn't getting values returned. So returned
an error message if RTE_SCHED_COLLECT_STATS is not defined instead of
zeros.
Change-Id: I22b640d668245839ee977ef3602175c61d91d24c
Signed-off-by: Billy McFall <bmcfall@redhat.com>
|
|
Change-Id: I103fe19a1ecbaf3746ec6b957fa1010458cc9fae
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I12311be8ebd376b8aeac25364d010d70a85c7874
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: Icd0dba04d8929456228136d1f25c459bffcc6a7a
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
This follows the setup in the src/plugins directory, and allows
multiple plugin build independent of the main vpp source tree.
Change-Id: I9e20f4087d72ad89c6dc3f505bace4628385a40e
Signed-off-by: Anlu Yan <ayan@cisco.com>
|
|
In the CLI parsing, below is a common pattern:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
}
unformat_free (line_input);
The 'else' returns if an unknown string is encountered. There a memory
leak because the 'unformat_free(line_input)' is not called. There is a
large number of instances of this pattern.
Replaced the previous pattern with:
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "x"))
x = 1;
:
else
{
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
goto done:
}
}
/* ...Remaining code... */
done:
unformat_free (line_input);
return error;
}
In multiple files, 'unformat_free (line_input);' was never called, so
there was a memory leak whether an invalid string was entered or not.
Also, there were multiple instance where:
error = clib_error_return (0, "unknown input `%U'",
format_unformat_error, line_input);
used 'input' as the last parameter instead of 'line_input'. The result
is that output did not contain the substring in error, instead just an
empty string. Fixed all of those as well.
There are a lot of file, and very mind numbing work, so tried to keep
it to a pattern to avoid mistakes.
Change-Id: I8902f0c32a47dd7fb3bb3471a89818571702f1d2
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Jvpp code uses CRCs to obtain msg IDs.
Checking api_main_t.msg_index_by_name_and_crc is
enough to detect API mismatch.
Calling vl_client_get_first_plugin_msg_id is not needed.
Also fixes VPP-627.
Change-Id: Ie3085dfa458795fa11f17615ac94e76197a1c8cd
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
|
|
The DHCP proxy and VSS information maintained by VPP is the same for v4 and v6, so we can manage this state using the same code.
Packet handling is cleary different, so this is kept separate.
Change-Id: I10f10cc1f7f19debcd4c4b099c6de64e56bb0c69
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Id891af5ef3c4afe877282b34cd03fc43886940a3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
Change-Id: I9ac04b15440297c154ed1e3fba888915044cb245
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Inspection shows that the names of two functions:
api_snat_ipfix_enable_disable()
api_snat_add_del_interface_addr()
don't match their bodies and have been swapped.
Make the world right again by swapping them to match.
Change-Id: Ieefd7f0fdbf52794e8649b0cbbcf6e1403c1b90a
Signed-off-by: Jon Loeliger <jdl@netgate.com>
|
|
Change-Id: I6b5984df176688f0722a2888e73f05d8ed8b9310
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
DHCP additions:
1) DHCPv4 will only relay a message back to the client, if the Option82 information is present. So make this the default.
2) It is no longer possible to select via the API to "insert circuit ID" - since this is now default
3) Remove the version 2 API since it's now the same as version 1.
4) Adding the VSS option is now conditional only on the presence of VSS config (not the 'insert' option in the set API)
5) DHCP proxy dump via API
Change-Id: Ia7271ba8c1d4dbf34a02c401d268ccfbb1b74f17
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5454053461e6fb98e7f58f9562efde3590bb7cb5
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I133c55bce46d40ffddabbbf8626cbd3d072522d4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
Extended sw_interface_dump to provide 802.1ah (pbb) tag rewrite info if
present.
Extended log "l2-output" to provide raw data to display result of
prospetive pbb tag rewrite. Tracing is moved after l2output_vtr to show
these changes.
Change-Id: I8b7cb865dc67ce21afab402cc086dac35f7c0f07
Signed-off-by: Pavel Kotucek <pkotucek@cisco.com>
|
|
the lock count on the entry did not drop to zero
Change-Id: I6e2dff8c3c7976fd1c2e4c5258f5dc73123aa9b7
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iecba818ccf74a4d34e35d498e6f6a1d3c62419f4
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
|
|
for IPsec Library
Change-Id: I58182edb7b0d314bb6dfa1daf7b00012196fd3e1
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Id17060fd0e8ac80c8cf1999b0b82d0241b3b969a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Add IP[46] MFIB dump.
Change-Id: I4a2821f65e67a5416b291e4912c84f64989883b8
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I5e0057b36bc4221e688a27fc1c0f602f78132991
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I7d8889dce8495607106593ad83320c9af0f2fa07
Signed-off-by: Klement Sekera <ksekera@cisco.com>
|
|
- IKE_SA_INIT and IKE_AUTH initial exchanges
- Delete IKA SA
- Rekey and delete Child SA
- Child SAs lifetime policy
To set up one VPP instance as the initiator use the following CLI commands (or API equivalents):
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
and finally
ikev2 initiate sa-init <profile id> to initiate the IKE_SA_INIT exchange
Child SA re-keying process:
1. Child SA expires
2. A new Child SA is created using the Child SA rekey exchange
3. For a set time both SAs are alive
4. After the set time interval expires old SA is deleted
Any additional settings will not be carried over (i.e. settings of the ipsec<x> interface associated with the Child SA)
CLI API additions:
ikev2 profile set <id> responder <interface> <addr>
ikev2 profile set <id> ike-crypto-alg <crypto alg> <key size> ike-integ-alg <integ alg> ike-dh <dh type>
ikev2 profile set <id> esp-crypto-alg <crypto alg> <key size> esp-integ-alg <integ alg> esp-dh <dh type>
ikev2 profile set <id> sa-lifetime <seconds> <jitter> <handover> <max bytes>
ikev2 initiate sa-init <profile id>
ikev2 initiate del-child-sa <child sa ispi>
ikev2 initiate del-sa <sa ispi>
ikev2 initiate rekey-child-sa <profile id> <child sa ispi>
Sample configurations:
Responder:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.responder
ikev2 profile set pr1 id remote fqdn vpp.home.initiator
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector local ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
Initiator:
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home.initiator
ikev2 profile set pr1 id remote fqdn vpp.home.responder
ikev2 profile set pr1 traffic-selector local ip-range 192.168.125.0 - 192.168.125.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 192.168.124.0 - 192.168.124.255 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 responder TenGigabitEthernet3/0/1 192.168.40.20
ikev2 profile set pr1 ike-crypto-alg aes-cbc 192 ike-integ-alg sha1-96 ike-dh modp-2048
ikev2 profile set pr1 esp-crypto-alg aes-cbc 192 esp-integ-alg sha1-96 esp-dh ecp-256
ikev2 profile set pr1 sa-lifetime 3600 10 5 0
Change-Id: I1db9084dc787129ea61298223fb7585a6f7eaf9e
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
|
|
fixes a problem that occurs with cryptodev ipv6 input.
Change-Id: I1f0c0db45b2aabc243dd785c8d5d5ef990cac903
Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
|
|
Change-Id: Ib0c8572773499d8dd4d81b3a565c24412ccc3510
Signed-off-by: Dave Barach <dave@barachs.net>
|
|
Change-Id: I8bb175cc9673895d4a8856786ecabfd66dd906e9
Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
|
|
Change-Id: I19ec3b769b6512f7408044751393d9faf10d01d5
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: Ib1760312df759c29a2c2220e7b783af311d91d1a
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I8f5cf447c131a790e4bbd46ef75063329fec7451
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
The idea is to prevent a huge processing burst if, say, the network goes
down 10' for some reason, and so that we don't need to expire 1M timer
sessions on the first call.
The maximum is not an exact value, but a value after which the
expiration process is postponed until the next call.
That way, we don't have to process the same tick twice, nor to unlink
timers once at a time when processing a tick.
The fact that a timer slot could contain many entries should be dealt
with by changing the number of ticks per second.
Change-Id: I892d07f965094102a3d53e7dbf4e6f5ad22d4967
Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
|
|
Also adds missing gpe nsh address type functions.
Change-Id: I3353a23c0518da9ce3b221ddf8c5bd0364930154
Signed-off-by: Florin Coras <fcoras@cisco.com>
|
|
Change-Id: I3925d2ebb2d26c676fc61f118d25bdf7fd522f26
Signed-off-by: Florin Coras <fcoras@cisco.com>
|